CCSK Exam Prep
CCSK Exam Glossary - 40 Terms
Terminology pack for the Certificate of Cloud Security Knowledge (CCSK). Use these definitions with the study guide and practice questions.
A
- API security
- The discipline of protecting application programming interfaces from abuse, unauthorized access, and data exposure.
C
- Cloud bursting
- The use of public cloud resources to handle excess workload demand when private capacity is insufficient.
- Cloud Incident Response Plan
- A documented set of roles, responsibilities, and procedures for detecting, responding to, and recovering from cloud security incidents.
- Comprehensive logging
- The collection of detailed records of activities across systems, users, APIs, and networks for monitoring and investigation.
- Confidential/Restricted data
- A high-sensitivity data classification for information that could cause serious harm if disclosed.
- Configuration baseline
- An approved standard configuration used as the reference point for secure system settings.
- Container escape
- An attack in which a process inside a container breaks isolation and gains access to the host or other containers.
- Container security
- The practices and controls used to protect containerized applications and their runtime environments.
- Continuous monitoring
- Ongoing observation of systems and controls to detect changes, anomalies, or security issues in near real time.
D
- Data classification
- The process of labeling data based on sensitivity, value, and handling requirements.
- Data Encryption Key (DEK)
- A cryptographic key used directly to encrypt and decrypt data.
- Data lifecycle management
- The governance of data from creation through use, storage, retention, archival, and disposal.
- Deterministic encryption
- An encryption method that produces the same ciphertext for the same plaintext, enabling exact-match searches.
E
- Elastic scalability
- The ability to rapidly increase or decrease computing resources in response to workload changes.
- Encryption in transit
- Protection of data while it moves across networks, typically using secure transport protocols.
- Exact-match search
- A query operation that looks for identical values, often supported on deterministically encrypted fields.
H
- Hierarchical key management
- A key structure in which higher-level keys protect lower-level keys to support separation and scalability.
- Hybrid cloud
- A deployment model that combines private cloud or on-premises resources with public cloud services.
- Hypervisor
- The virtualization layer that creates, runs, and isolates virtual machines on a physical host.
- Hypervisor hardening
- The process of securing the hypervisor through configuration, patching, and reducing unnecessary functionality.
I
- Incident response
- The coordinated process of preparing for, detecting, containing, eradicating, and recovering from security incidents.
- Infrastructure as a Service (IaaS)
- A cloud service model that provides virtualized compute, storage, and networking while the provider manages physical infrastructure.
- Insecure Direct Object Reference (IDOR)
- An access control flaw where attackers manipulate object identifiers to access unauthorized data or resources.
K
- Key Encryption Key (KEK)
- A cryptographic key used to encrypt and protect other keys, such as DEKs.
- Key management
- The processes and controls for generating, storing, distributing, rotating, and destroying cryptographic keys.
L
- Lateral movement
- An attacker’s movement through an environment after initial compromise to access additional systems or data.
- Least privilege
- A security principle that grants only the minimum permissions necessary to perform a task.
M
- Middleware
- Software that connects applications, services, or components and supports communication or integration.
- Minimal base image
- A stripped-down container image containing only essential components to reduce attack surface.
- Multi-tenancy
- A cloud architecture in which resources are shared by multiple customers (tenants) while logical isolation is maintained between them.
O
- Object reference
- An identifier such as a record ID, filename, or URL parameter used to locate a specific resource.
P
- Physical host
- The underlying server hardware that runs one or more virtual machines or containers.
- Private cloud
- Cloud infrastructure dedicated to a single organization, offering greater control and customization.
R
- Retention period
- The length of time data must be kept to meet business, legal, or regulatory requirements.
S
- Secure deletion
- The controlled removal of data so it cannot be recovered from storage systems.
- Separation of duties
- A control that divides critical responsibilities among multiple people to reduce fraud, error, or abuse.
U
- Unauthorized access
- Access to systems or data without approved permissions or legitimate need.
V
- Virtual Machine (VM)
- A software-based emulation of a computer system that runs its own operating system on shared physical hardware.
- Virtual machine escape
- A vulnerability or attack in which code running inside a VM breaks out to affect the hypervisor or other tenants.
- VM isolation
- Security boundaries that prevent one virtual machine from accessing or interfering with another on the same host.